Red Hat Bugzilla – Bug 161096
CAN-2005-1992 ruby arbitrary command execution on XMLRPC server
Last modified: 2007-11-30 17:11:08 EST
+++ This bug was initially created as a clone of Bug #161095 +++
I ran across this issue in the Debian BTS:
It seems that by executing an XMLRPC server in ruby in this manner:
It becomes possible to execute any arbitrary commands within the XMLRPC
Fixed in ruby-1.8.2-1.fc3.3 for FC3 and ruby-1.8.2-7.fc4.2 for FC4.